1dd04b0f34586c50395f466ddfd68509e2603dda2b76949c1f1e1b5fba8dafad

Sharing

Copy URL Twitter E-mail

General

Target

1dd04b0f34586c50395f466ddfd68509e2603dda2b76949c1f1e1b5fba8dafad
Size

87KB
MD5

268071f8924c97dd44f828b43e18c060
SHA1

21ee5239b9217f8fcb1c359067f8abdf9a6602b8
SHA256

1dd04b0f34586c50395f466ddfd68509e2603dda2b76949c1f1e1b5fba8dafad
SHA512

ddef8a44be21afaa4906b86a54186552342752544d8fc65b4cd676312edfe5782a8c82b8960360ac0c198150d64116e4198da277944dfb8e264f92d5e2bf7525
SSDEEP

1536:A5+JR0wQaD5fOBjM0S3B3h1WgJgJa5OzmT10xgPPe3H99DzlL9:55OBOhJIzLU2399Hl

Score

N/A

Malware Config

Signatures

Files

1dd04b0f34586c50395f466ddfd68509e2603dda2b76949c1f1e1b5fba8dafad
.exe windows x86

06e28cc5468c27081f2546bbda798b1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_XcptFilter
_exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
exit
fwprintf
_strdup
??2@YAPAXI@Z
_cexit
_c_exit
__set_app_type
_controlfp
_except_handler3
wprintf
fopen
strtok
printf
_flushall
fgets
realloc
isdigit
isalpha
_stricmp
strrchr
atoi
free
strchr
strncmp
atol
sprintf
fprintf
wcstol
wcschr
towlower
tolower
wcscpy
wcsncmp
wcslen
swprintf
wcscmp
??3@YAXPAX@Z
_iob

advapi32

StartServiceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle

kernel32

GetModuleHandleA
GetModuleHandleW
GetLastError
FormatMessageW
LocalFree
MultiByteToWideChar
Sleep

ws2_32

inet_ntoa
gethostbyname
WSACleanup
WSAStartup
inet_addr

rpcrt4

UuidCreate
UuidIsNil
UuidCompare
UuidFromStringA
UuidCreateNil

msvcirt

?cin@@3Vistream_withassign@@A
??5istream@@QAEAAV0@AAD@Z
?cerr@@3Vostream_withassign@@A
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?cout@@3Vostream_withassign@@A

ole32

StringFromGUID2

crypt32

CertNameToStrW
CertStrToNameW

winipsec

ord39
ord56
ord61
ord55
ord62
ord69
ord70
ord40
ord71
ord72
ord25
ord73
ord74
ord65
ord35
ord49
ord30
ord24
ord64
ord48
ord34
ord29
ord47
ord33
ord28
ord38
ord23
ord63
ord46
ord51
ord45
ord22

polstore

IPSecEnumPolicyData
IPSecCopyPolicyData
IPSecEnumNFAData
IPSecGetISAKMPData
IPSecGetNegPolData
IPSecFreePolicyData
IPSecAllocPolStr
IPSecSetPolicyData
IPSecFreeMulPolicyData
IPSecAllocPolMem
IPSecCreatePolicyData
IPSecClosePolicyStore
IPSecOpenPolicyStore
IPSecDeleteISAKMPData
IPSecCreateISAKMPData
IPSecFreeISAKMPData
IPSecFreePolMem
IPSecDeleteNegPolData
IPSecDeleteFilterData
IPSecSetNFAData
IPSecCreateFilterData
IPSecCreateNegPolData
IPSecFreePolStr
IPSecFreeNegPolData
IPSecFreeFilterData
IPSecCreateNFAData
IPSecUnassignPolicy
IPSecGetAssignedPolicyData
IPSecAssignPolicy
IPSecDeletePolicyData
IPSecDeleteNFAData
IPSecGetFilterData

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

06e28cc5468c27081f2546bbda798b1d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ws2_32

rpcrt4

msvcirt

ole32

crypt32

winipsec

polstore

Sections

.text Size: 62KB - Virtual size: 62KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 21KB - Virtual size: 24KB

.text
Size: 62KB - Virtual size: 62KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 21KB - Virtual size: 24KB